CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9855 – Windows 8.3 path equivalence handling flaw allows LibreLogo script execution
https://notcve.org/view.php?id=CVE-2019-9855
06 Sep 2019 — LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under W... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html • CWE-417: Communication Channel Errors •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-9854 – Unsafe URL assembly flaw in allowed script location check
https://notcve.org/view.php?id=CVE-2019-9854
06 Sep 2019 — LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-9852 – Insufficient URL encoding flaw in allowed script location check
https://notcve.org/view.php?id=CVE-2019-9852
15 Aug 2019 — LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed b... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.8EPSS: 84%CPEs: 10EXPL: 2CVE-2019-9851 – LibreLogo global-event script execution
https://notcve.org/view.php?id=CVE-2019-9851
15 Aug 2019 — LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed vers... • https://packetstorm.news/files/id/154168 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9850 – Insufficient url validation allowing LibreLogo script execution
https://notcve.org/view.php?id=CVE-2019-9850
15 Aug 2019 — LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in Libre... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 85%CPEs: 9EXPL: 0CVE-2019-9848 – libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
https://notcve.org/view.php?id=CVE-2019-9848
17 Jul 2019 — LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silen... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 6%CPEs: 9EXPL: 1CVE-2019-9849 – libreoffice: Remote resources protection module not applied to bullet graphics
https://notcve.org/view.php?id=CVE-2019-9849
17 Jul 2019 — LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. LibreOffice presenta un "stealth mode" en el que solo los... • https://github.com/mbadanoiu/CVE-2019-9849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9847 – Executable hyperlink targets executed unconditionally on activation
https://notcve.org/view.php?id=CVE-2019-9847
09 May 2019 — A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. Thi... • https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 92%CPEs: 2EXPL: 7CVE-2018-16858 – LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution
https://notcve.org/view.php?id=CVE-2018-16858
04 Feb 2019 — It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directori... • https://packetstorm.news/files/id/152560 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14939
https://notcve.org/view.php?id=CVE-2018-14939
05 Aug 2018 — The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. La función get_app_path en desktop/unx/source/start.c en LibreOffice hasta la versión 6.0.5 gestiona... • http://www.securityfocus.com/bid/105047 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •